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DETAILED ACTION 

Response to Amendment 

1 . This Office Action is responsive to the amendment filed December 22, 2008. 

2. Claims 1-8, 10-17, 19-26, 28-38, 41-44 are pending. 

Response to Arguments 

3. Applicant's arguments filed December 22, 2008 have been fully considered but they are 
not persuasive. 

4. Applicant argues that Breck does not teach "wherein the pseudonym is used for 
authentication"; however, the wherein clause merely expresses the intended results; therefore, it 
does not limit the claim and is not given patentably weight (see MPEP 2111 .04) 

5. Applicant argues that Break does not teach the merchant system analyzes the 
authentication response "to determine if the electronic commerce card account number has been 
successfully authenticated", this is also an intended use feature. Functional recitation(s) using 
the word "for" or other functional language (e.g. "to determine") have been considered but are 
given little patentable weight 1 because they fail to add any structural limitations and are thereby 
regarded as intended use language. A recitation of the intended use of the claimed product must 
result in a structural difference between the claimed product and the prior art in order to 
patentably distinguish the claimed product from the prior art. If the prior art structure is capable 
of performing the intended use, then it reads on the claimed limitation. In re Casey, 370 F.2d 
576, 152 USPQ 235 (CCPA 1967) ("The manner or method in which such machine is to be 

1 See e.g. In re Gulack, 703 F.2d 1381, 217 USPQ 401, 404 (Fed. Cir. 1983)(stating that 
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utilized is not germane to the issue of patentability of the machine itself."); In re Otto, 136 USPQ 
458, 459 (CCPA 1963). See also MPEP §§ 21 14 and 2115. Unless expressly noted otherwise by 
the Examiner, the claim interpretation principles in this paragraph apply to all examined claims 
currently pending. 

6. Applicant argues that Breck does not expressly disclose "wherein the authentication 
response includes a second HTTP redirect command comprising the address of the merchant"; 
however, the specification does not provide support for this feature. Also, arguments with 
respect to this feature have been considered but are moot in view of the new ground(s) of 
rejection. 

Applicant argues that Breck does not expressly disclose "wherein the cardholder system 
thereafter forwards the authentication response to the merchant system"; however, the wherein 
clause merely expresses the intended results; therefore, it does not limit the claim and is not 
given patentably weight (see MPEP 21 1 1.04). 

Claim Rejections - 35 USC § 112 

7. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

8. Claims 1-8, 10-17, 19-26, 28-38, 41-44 rejected under 35 U.S.C. 1 12, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to one skilled 
in the relevant art that the inventor(s), at the time the application was filed, had possession of the 



although all limitations must be considered, not all limitations are entitled to patentable weight). 
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claimed invention. For instance, claim 1 recites "wherein the authentication response includes a 
second HTTP redirect command comprising the address of the merchant, wherein the cardholder 
system thereafter forwards the authentication response to the merchant system"; however, the 
Specification does not support these features. If Applicant disagrees, please indicate where these 
features are described. 

Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

10. Claims 1, 2, 7, 8, 10, 11, 16, 17, 19, 20, 25, 26 32, 33, 38, 41, 43 and 44 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over US Publication No. 2005/0021781 to Sunder 
et al. ("Sunder") and of US Publication No. 2004/0158532 to Breck et al. ("Breck") in view of 
US Publication No. 2004/0177047 to Graves et al. ("Graves"). 

Referring to claim 1 , Sunder discloses receive an authentication request from a 
cardholder system (i.e. client device)(see paragraphs [0005] & [0007]), forward the 
authentication request to an access control server (see paragraph [0008]), relay authentication 
information between the access control server and the cardholder system receive an 
authentication response from the access control server and forward the authentication response to 
the cardholder system (see paragraphs [[0010] &[001 1]). Sunder does not expressly disclose 
wherein the authentication request was previously forward from a merchant system using an 
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HTTP redirect command comprising the address of the central transaction server, wherein the 
authentication request includes a pseudonym corresponding to an electronic commerce card 
account number, wherein the pseudonym expires after a predetermined period of time, wherein 
the pseudonym is used for authentication, wherein the central transaction server initiates a 
payment request process, wherein the authentication response includes a second HTTP redirect 
command comprising the address of the merchant, wherein the cardholder system thereafter 
forwards the authentication response to the merchant system, wherein the merchant system 
analyzes the authentication response to determine if the electronic commerce card account 
number has been successfully authenticated and submits the electronic commerce card account 
number. Breck discloses wherein the authentication request was previously forward using an 
HTTP redirect command comprising the address of the central transaction server (see paragraph 
[0070]), wherein the authentication request includes a pseudonym corresponding to an electronic 
commerce card account number, wherein the pseudonym expires after a predetermined period of 
time (see paragraphs [0080], [0048], and [0056]) and wherein the central transaction server 
initiates a payment request process by submitting the electronic commerce card account number 
to an issuer of the electronic commerce card account number(see paragraph [0091]). Graves 
discloses includes a second HTTP redirect command comprising the address of the merchant, 
wherein the cardholder system thereafter forwards the authentication response to the merchant 
system, wherein the merchant system analyzes the authentication response to determine if the 
electronic commerce card account number has been successfully authenticated (see paragraphs 
[0052] - 1 st HTTP direct, [0055] -[0059] - 2 nd HTTP direct) . As for the feature, "wherein the 
pseudonym is used for authentication", the wherein clause merely expresses the intended results; 
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therefore, it does not limit the claim and is not given patentably weight (see MPEP 2111 .04). At 
the time the invention was made, it would have been obvious to a person of ordinary skill in the 
art to modify the system disclose by Sunder to include the elements taught by Breck and Graves. 
One of ordinary skill in the art would have been motivated to do this because it provides an 
additional level of security. 

Referring to claim 2, Sunder discloses and electronic commerce card authentication 
system (see claim 1 above). Sunder does not expressly discloses the system wherein the 
authentication response is translated to a format compatible with a merchant system. Breck 
discloses the system wherein the authentication response is translated to a format compatible 
with a merchant system (see paragraphs [0054] and [0082]). At the time the invention was made, 
it would have been obvious to a person of ordinary skill in the art to modify the system disclose 
by Sunder to include the elements of Breck. One of ordinary skill in the art would have been 
motivated to do this because it provides a means for the merchant system to read and process the 
message. 

Referring to claims 7 and 8, Sunder discloses an electronic commerce card authentication 
system (see claim 1 above). Sunder does not expressly disclose wherein a pseudonym was 
previously created by the central transaction server or the pseudonym was created by a merchant 
system. Breck discloses the system wherein a pseudonym was previously created by the central 
transaction server or the pseudonym was created by a merchant system (see claim 1 above and 
paragraph [0052]). 

Claims 10, 19, 32 and 33 are rejected on the same rationale as claim 1 above. 
Claims 1 1 and 20 are rejected on the same rationale as claim 2 above. 
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Claims 16 and 25 are rejected on the same rationale as claim 7 above. 
Claims 17 and 26 are rejected on the same rationale as claim 8 above. 

Referring to claim 38, Sunder discloses an authentication server (see claim 1 above). 
Sunder does not expressly disclose the server hosts at least one web page. Breck discloses an 
authentication server that hosts at least one web page (see claim 1 above). At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to modify 
the system disclose by Sunder to include the process where the authentication server hosts at 
least one web page. One of ordinary skill in the art would have been motivated to do this because 
it provides an additional level of security. 

Referring to claim 41, Sunder discloses an authentication server (see claim 1 above). 
Sunder does not expressly disclose a pseudonym with the predetermined time in five minutes. 
Breck discloses the pseudonym with a predetermined time, but does not explicitly state that the 
time is in five minutes (see claim 1 above). However, this difference is only found in the 
nonfunctional descriptive material and is not functionally involved in the steps recited. The 
feature where the central transaction server receives a request would be performed the same 
regardless of the data. Thus, this descriptive material will not distinguish the claimed invention 
from the prior art in terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 
401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 UPSQ2d 1031 (Fed. Cir. 1994). 
Therefore, it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to receive a request including any type of data because such data does not 
functionally relate to the steps in the method claimed and because the subjective interpretation of 
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the data does not patentably distinguish the claimed invention. 

As per claims 43 and 44 (see claims 1 and 10 rejection above). 

11. Claim 3, 12 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sunder and Breck as applied to claims 1,10 and, 19 above, and further in view of U.S. 
Publication No. 2003/0046541 to Gerdes et al. ("Gerdes"). 

Referring to claim 3, Sunder discloses an electronic commerce card authentication system 
(see claim 1 above). Sunder does not expressly disclose wherein the central transaction server is 
adapted to forward a copy of the authentication response to an authentication history server to be 
archived. Gerdes discloses a central transaction server that forwards a copy of an authentication 
response to an authentication history server to be archived (see paragraph [0057]). At the time 
the invention was made, it would have been obvious to a person of ordinary skill in the art to 
modify the system disclose by Sunder to include a copy of the authentication response to an 
authentication history server. One of ordinary skill in the art would have been motivated to do 
this because it provides a history of authentication transaction (see paragraph [0057] of Gerdes). 

Claims 12 and 21 are rejected on the same rationale as claim 3 above. 

12. Claims 4-6, 13-15, 22-24, and 28 -3 1 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sunder and Breck as applied to claims 1,10 above, and further in view of US 
Publication No. 2004/0254848 to Golan et al. ("Golan"). 

Referring to claims 4 and 5, Sunder discloses the electronic commerce card 
authentication system (see claim 1 above). Sunder does not expressly disclose wherein the 
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central transaction server further receives a verifying enrollment request from a directory server, 
and to send a verifying enrollment response to the directory server; wherein the central 
transaction server is sends the verifying enrollment response in response to a query to the access 
control server. Golan discloses wherein the central transaction server further receives a 
verifying enrollment request from a directory server, and to send a verifying enrollment response 
to the directory server; wherein the central transaction server is adapted to send the verifying 
enrollment response in response to a query to the access control server (see paragraphs [0094]- 
[0097] & claims 5,6). At the time the invention was made, it would have been obvious to a 
person of ordinary skill in the art to modify the system disclose by Sunder to include the system 
wherein the central transaction server receives a verifying enrollment request from a directory 
server, and to send a verifying enrollment response to the directory server; wherein the central 
transaction server sends the verifying enrollment response in response to a query to the access 
control server. One of ordinary skill in the art would have been motivated to do this because 
provides an additional level of verification, thereby securing the system. 

Referring to claim 6, Sunder discloses the electronic commerce card authentication 
system (see claim 1 above). Sunder does not expressly disclose the central transaction server is 
adapted to send the verifying enrollment response to the directory server with or without 
querying the access control server, and is further adapted to query the access control server in 
response to receiving an authentication request. Golan discloses the central transaction server is 
adapted to send the verifying enrollment response to the directory server with or without 
querying the access control server, and is further adapted to query the access control server in 
response to receiving an authentication request (see paragraphs [0099] & [0100]). At the time 
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the invention was made, it would have been obvious to a person of ordinary skill in the art to 
modify the system disclose by Sunder to include the system wherein the central transaction 
server is adapted to send the verifying enrollment response to the directory server with or 
without querying the access control server, and is further adapted to query the access control 
server in response to receiving an authentication request. One of ordinary skill in the art would 
have been motivated to do this because provides an additional level of verification, thereby 
securing the system. 

Claims 13, 22, 28, and 30 are rejected on the same rationale as claim 4 above. 

Claims 14 and 23 are rejected on the same rationale as claim 5 above. 

Claims 15 and 24 are rejected on the same rationale as claims 6 above. 

Referring to claims 29 and 31, Sunder discloses the electronic commerce card 
authentication system (see claims 28 and 30 respectively above). Sunder does not expressly 
disclose modifying the verifying enrollment request from a directory server, and forwarding the 
modified verifying enrollment response to the directory server. Golan discloses receiving a 
verifying enrollment request from a directory server, and to send a verifying enrollment response 
to the directory server and sending the verifying enrollment response in response to a query to 
the access control server (see paragraphs [0094]-[0097] & claims 5,6). Golan does not teach the 
request being modified; however, the concept of modifying data is well known in the art of data 
processing. Thus, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to modify the system disclose by Sunder to include the steps of disclose 
receiving a verifying enrollment request from a directory server, and to send a verifying 
enrollment response to the directory server and sending the verifying enrollment response in 
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response to a query to the access control server. One of ordinary skill in the art would have been 
motivated to do this because provides an additional level of verification, thereby securing the 
system. 

13. Claims 34- 37 and 42 are rejected under 35 U.S.C. 103(a) as being unpatentable over to 
Sunder and Breck in view of Golan. 

Referring to claim 34, Sunder discloses receiving an authentication request from a holder 
system (i.e. client device) (see paragraphs [0005] & [0007]), sending the authentication request 
with the pseudonym to the access control server (see paragraph [0008]), receiving an 
authentication response and sending the authentication response to the holder system (see 
paragraphs [[0010] & [001 1]). Sunder does not expressly disclose receiving a verifying 
enrollment request, sending the verifying enrollment response to an access control server, 
receiving a verifying enrollment response from the access control server, creating an altered 
verifying enrolling response comprising a pseudonym, sending the altered verifying enrollment 
response to a merchant system, wherein the merchant system subsequently sends an 
authentication request including the pseudonym to a holder system, wherein the authentication 
request including the pseudonym sent to the holder system further comprises a web page 
containing a redirect command, wherein the redirect command is an HTTP redirect command, 
comprising the address of the central transaction server, wherein the pseudonym expires after a 
predetermined period of time. Golan discloses receiving a verifying enrollment request, sending 
the verifying enrollment response to an access control server, receiving a verifying enrollment 
response from the access control server (see paragraphs [0094] - [0097] & claims 5,6). Breck 
discloses creating an altered verifying enrolling response comprising a pseudonym, sending the 
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altered verifying enrollment response to a merchant system, wherein the merchant system 
subsequently sends an authentication request including the pseudonym to a holder system, 
wherein the authentication request including the pseudonym sent to the holder system further 
comprises a web page containing a redirect command, wherein the redirect command is an 
HTTP redirect command, comprising the address of the central transaction server, wherein the 
pseudonym expires after a predetermined period of time (see paragraphs [0048], [0058], [0079], 
and [0080]). At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to modify the system disclose by Sunder to include the elements taught 
by Golan and Breck. One of ordinary skill in the art would have been motivated to do this 
because it provides an additional level of security. 

As for claims 35-37, Sunder teaches these steps (see claim 34 above). 

Claim 42 is rejected on the same rationale as claim 41 above. 

Conclusion 

14. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 571-272-6714. The 
examiner can normally be reached on Monday - Friday 10:00 - 6:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Calvin Hewitt II can be reached on 571-272-6709. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Jalatee Worjloh/ 

Primary Examiner, Art Unit 3685 



